Skip to content
Data breachContained

Leak at Auchan

On 19 November 2024, French retailer Auchan disclosed a breach of its loyalty programme exposing the personal data of more than 500,000 customers — names, contact details, dates of birth, family composition and loyalty-card/balance information; no bank data or passwords were affected.

Victim
Auchan
records
500.0K

On 19 November 2024, Auchan — one of France's largest supermarket and hypermarket chains — notified affected customers that its loyalty programme had been breached, exposing the personal data of more than 500,000 account holders. It was the retailer's second loyalty-data incident in roughly a year.

The compromise was limited to loyalty ("fidélité") accounts. Auchan stated that no banking data, passwords or loyalty-account PIN codes were exposed in the attack.

The exposed data included:

  • Names and first names
  • Email and postal addresses
  • Phone numbers
  • Dates of birth
  • Family composition / household details
  • Loyalty card numbers and loyalty "kitty" (cagnotte) balances

Auchan said it contained the attack quickly and put additional safeguards in place, including reinforced controls over loyalty-balance redemption to prevent points being stolen. The retailer reported the incident to France's data-protection authority (CNIL) and the relevant cyber-defence services, and warned customers to be alert to phishing emails, texts and calls that could exploit the leaked information.

Sources

  1. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/auchan-retailer-data-breach-impacts-hundreds-of-thousands-of-customers/
  2. securityweek.comhttps://www.securityweek.com/hundreds-of-thousands-affected-by-auchan-data-breach/
  3. zataz.comhttps://www.zataz.com/nouveau-piratage-auchan-cartes-fidelite-exposees/
  4. lemondeinformatique.frhttps://www.lemondeinformatique.fr/actualites/lire-encore-pirate-auchan-alerte-sur-une-fuite-de-donnees-clients-97652.html

Related incidents

Data breachContained

Leak at Auchan

In August 2025, French retailer Auchan disclosed a breach exposing personal data of several hundred thousand Waaoh loyalty-program customers — names, titles, postal and email addresses, phone numbers and loyalty card numbers; bank data and PINs were not affected.

Victim
Auchan
Data breachUnknown

Leak at Electro Dépôt

Customer data attributed to French electronics retailer Electro Dépôt surfaced as one of at least 17 French breaches consolidated on an open database, exposing names, contact details, IP addresses and partial payment data.

Victim
Electro Dépôt
Data breachUnknown

Leak at Go Sport

In December 2024, French sporting-goods retailer Go Sport was named in dark-web claims of a customer data leak; the alleged fresh breach was debunked, with the data tracing back to a 'go-sport.com' file in an earlier compilation of past French breaches.

Victim
Go Sport
Data breachResolved

Data leak at Sport 2000

Customer database of French sporting-goods retailer Sport 2000 — covering roughly 4.3 million people — was stolen and circulated on hacking forums and the dark web, exposing names, contact details, dates of birth and purchase history.

Victim
Sport 2000
Records
4.4M